Could the XZ backdoor have been detected with better Git and Debian packaging practices? (optimizedbyotto.com)
from cm0002@lemmings.world to cybersecurity@infosec.pub on 19 Oct 20:05
https://lemmings.world/post/35685861

How did the changes in the binary test files tests/files/bad-3-corrupt_lzma2.xz and tests/files/good-large_compressed.lzma, and the makefile change in m4/build-to-host.m4, manifest to the Debian maintainer? Was there a chance of noticing something odd?

#cybersecurity